State of New Jersey SealOFFICIAL SITE OF THE STATE OF NEW JERSEY

Phishing Messages Use Email Spoofing to Impersonate NJ State Office

Alert - Advisory

Garden State Cyber Threat Highlight

Original Release Date: 4/14/2023

Summary

On April 8, the NJCCIC discovered several emails sent to New Jersey State employees using a spoofed sender email address impersonating the NJ Office of the Attorney General (OAG). In the observed campaign, communications appeared to be sent from the email address noreply[@]njoag[.]gov; however, the email originated from the hostname slot0[.]bustomshisoa[.]com. Spoofing techniques make phishing emails more difficult to detect as the user must analyze the email headers more closely to determine the true sender. Due to the use of spoofing, the messages in this campaign were blocked as they failed SPF checks and were rejected by DMARC policy.

Additional tactics were used to create a sense of urgency by including the subject line, “Email Security Notification,” and requesting the recipient to confirm their email account. The included link directs the recipient to a webpage containing a login screen with the recipient’s email address already populated and a background image copied from the legitimate NJ OAG website. While the included URL link is not associated with NJ OAG, the branding and seemingly legitimate sender email address could convince a user into entering their account credentials.

Recommendations

The NJCCIC advises against clicking on links in unexpected emails from unverified senders. Users are encouraged to verify that a website is legitimate before entering account information and remain cautious even if messages claim to come from legitimate sources. If a suspicious email appears to originate from a legitimate sender, confirm its authenticity with the sender via another form of communication. More information on email spoofing can be found in the NJCCIC information report Spotting a Spoofing. If account credentials are submitted on a fraudulent website, users are advised to change their password, enable multi-factor authentication (MFA), and notify any appropriate IT or IT security personnel. Phishing emails and other malicious cyber activity can be reported to the FBI’s IC3 and the NJCCIC.

Join & Subscribe

Never miss an update! Sign up for a no cost membership today! Receive up-to-date content and more in our weekly bulletin.

Sign Up

Featured Content

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.

Agency Seals of State of NJ, NJOHSP and NJCCIC

STAY CONNECTED:

View our Privacy Policy here.

View our Site Index here.